2. www.selbyjennings.com | enquiries@selbyjennings.com Industry Insight | Enabling Exceptional Careers
Cybersecurity consistently dominates headlines;
where attacks are becoming increasingly
sophisticated, frequent and ambitious. From last
year’s Democratic Party email leaks to the huge
data breach at Yahoo, it appears no one – and no
industry – is completely safe from the threat of
cybercrime.
Cyber Secruity is a global concern, and is
causing particular concern in Asia. In 2016, Japan
witnessed its largest banking hack; 14,000 ATM
cash withdrawals and ¥1.8bn / $18m SGD. It is no
secret that the frequency of sophisticated cyber-
attacks on the banking sector has increased.Across
the APAC region, the financial sector has been hit
hard.There were a number of high-profile incidents
in 2016 including the Bitfinex bitcoin exchange
hack in Hong Kong and the Bangladesh Central
Bank heist.“$81.3bn SGD Revenues lost to cyber-
attacks in the Asia-Pacific region in the 12 months;
of a global total of $315bn. SGD”1
. Across 2016,
large scale heists took place inTaiwan, Malaysia and
Thailand.
Cybersecurity standards and protocols have been
set up across the region, yet it remains vulnerable
to attacks. With the increasing frequency of
sophisticated attacks the industry is in urgent need
of robust, comprehensive cyber-security programs,
supported by rigorous levels of governance, risk
and compliance, to avoid becoming victims of an
attack.
35% of all cyber-attacks are targeted towards the
banking community making it an industry priority
to optimise cyber resilience and enhance incident
response preparedness to protect data and mitigate
risks associated with money laundering and fraud.
Below are 4 cybersecurity trends we expect to see
in Banking across the APAC in 2017.
INTRODUCTION
3. Industry Insight | Enabling Exceptional Careers
1. Chief Cybercrime Officer
Many banking institutions are beginning to
appreciate the gravity of the situation and are
looking for some way (or someone) to tackle the
issue of cybersecurity head-on.
As such, a new role of Chief Cybercrime Officer
(CCO) has already been advertised by many within
the industry where banks are looking to appoint
senior staff with daily responsibility for protection
against cyberattacks.
The CCO role will be task tasked with, ensuring
the company is “cyber-ready”, taking responsibility
for preventing breaches and taking the lead to
manage problems and provide a vital link between
the board members and the rest of the company.
2.Third-party vendor security
A business might have the right security systems and
policies in place to protect itself from a cyberattack,
but does its third-party providers and supply chain
have that same level of security and diligence? If
the answer is ‘no’, there is another vulnerability
for the business and its customers, who could find
themselves victims of a cyberattack.
One such example; SWIFT had been a trusted
provider within the international banking industry.
If you received a SWIFT message, you could be
confident it was a legitimate transfer. But that was
before hackers used malware to take control of
SWIFT’s messaging app and send fraudulent SWIFT
messages.This led to the theft of $81 million SGD
from Bangladesh’s central bank.
In 2017 Banks need to make third-party risk
management a priority if they are to avoid similar
attacks. They must find their weaknesses and
tighten policies, to prevent sub-standard security
measures and systems providing the gateway for
major exposures.
3.The growing threat;
Ransomware
2017 will see a further rise in Ransomware which
often offers hackers a simple and lucrative way to
make fast money. For the organizations affected, it
means not just a ransom payment, but also the loss
of operations, employee unease and severe brand
damage.
According toTrend Micro,Ransomware is predicted
to grow by 25% in 20172
. Over the coming year,
we will see attacks becoming more targeted and
spreading into IoT devices, PoS systems, and ATMs.
By encrypting data, hackers are able to demand
huge sums of money from organizations. It has
become a threat that many banks have to suffer in
silence; if customers were alerted to the fact that a
firm was infected with Ransomware,the damage to
the brand would be irreparable.
4 CYBER SECURITY TRENDS IN 2017
4. 4. IT security skills shortage
The reality is that cyberattacks far outpace
cyber-defense due to the clear shortfall in the
cybersecurity workforce.There are currently more
than one million cybersecurity job vacancies around
the world.However,until that skills shortage is filled,
the banking sector (and many others) will struggle
to manage cybersecurity risks.
According to a report by Intel Security, 82% of the
IT decision-makers believe there is a shortage of
cybersecurity skills within their organization with
71% of respondents agreeing that this shortage
is doing their businesses ‘direct and measurable
damage’.3
Cybersecurity recruitment
For the banking sector to overcome these barriers,
2017 needs to be a year of innovative solutions and
a new approach to how we build the cybersecurity
workforce. Hiring talent on a temporary basis is
often the only route available for under-staffed
security teams. That’s why the CISO-as-a-service
or virtual CISO model is taking off and we expect
it to grow further throughout the year4
.
• Security Director/ Manager
• Cyber Risk Manager
• Security Architect
• Information Assurance Manager
• CISO/ CSO
• SOC Director/ Manager
• Forensics Investigator
• IT Audit
• PenetrationTester
• Cloud Security
8. Last year we placed candidates in over 66 countries
from our global office network. We were proud
to be named Banking Recruitment Company of
the year 2016 – Recruitment International APAC
Awards (Singapore) and will continue to innovate
our services to meet the changing demands of the
sector.
We were also named one of the 1000 Companies
to Inspire Britain by the London Stock Exchange
and Number 1 in the in the SundayTimesTop 100
Small Companies to Work For.
If you’re interested in any specific additional data
to support your business needs, or should you
require specific information on general market
trends, look into strategizing the position of the
IT Security team internally or looking to have
discussion on partnering with our team to enhance
your Cyber Security mandates get in touch:
Ishan.Daniel@selbyjennings.com.
Please note that the above salary surveys cover a significant
proportion of the market, within vastly different Investment
Banks taking into account different levels of seniority. If you
would like to learn more about what you should be earning
or paying, specific to your individual circumstances, please do
get in touch. Our Consultants in the FIFX EquitiesTeam will
be happy to help: enquiries@SelbyJennings.com.
Sources:
https://www.ft.com/content/38e49534-57bb-11e6-9f70-badea1b336d4
http://www.trendmicro.com/vinfo/us/security/research-and-analysis/
predictions/2017
http://www.mcafee.com/us/resources/reports/rp-hacking-skills-shortage.pdf
https://sentinelone.com/blogs/the-most-devastating-cyber-attacks-on-banks/
SELBY JENNINGS
9. This guide has been brought to you
by Selby Jennings, part of the Phaidon
International.
Selby Jennings is a specialist provider of
Financial Services recruitment solutions
across Europe, the US, Asia and the
Middle East.
We believe every professional should
benefit from the advice of a trusted
partner throughout their career.
Contact Selby Jennings for more
information about career opportunities
in this sector, or if you are looking to
expand your team.
Contact us today:
www.selbyjennings.com
enquiries@selbyjennings.com
Enabling Exceptional Careers
Selby Jennings exists to enable exceptional career around
the world; we connect exceptional talent with exceptional
opportunities.
INDUSTRY INSIGHT